CN113767613A - Managing data and data usage in an IOT network - Google Patents
Managing data and data usage in an IOT network
- Publication number
- CN113767613A
- Authority
- CN
- China
- Prior art keywords
- iot
- data
- data usage
- computer
- profile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/303—Terminal profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
- H04L43/065—Generation of reports related to network devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
In one method, a processor receives a request from a network device. The processor obtains a device profile for the network device from a database. The processor determines whether a device profile of the network device has a data usage pattern associated with the data identified by the data identifier. In response to determining that the device profile has an associated data usage pattern, the processor receives the associated data usage pattern from the database. In response to determining that the device profile does not have an associated data usage pattern, the processor obtains a device type profile from a database. A processor classifies the data usage request based on at least one of the device profile and the device type profile. The processor performs a security action based on the classification of the data usage request. The processor stores the data usage request and the performed security action to a database.
Description
Background
The present invention relates generally to the field of IoT networks, and more particularly to managing data and data usage in IoT networks.
Internet of things (IoT) refers to the concept of extending internet connectivity beyond conventional computing platforms, such as personal computers and mobile devices, and into any range of traditionally non-internet-enabled physical devices and everyday objects. Embedded with electronics, internet connectivity, and other forms of hardware (such as sensors), these devices and objects can communicate and interact with other devices over the internet, and the devices and objects can be remotely monitored and controlled.
The definition of IoT has evolved due to the convergence of various technologies, real-time analytics, machine learning, commodity sensors, and embedded systems. Embedded systems, wireless sensor networks, control systems, automation (including home and building automation), and other traditional areas all contribute to IoT enablement. In the consumer market, IoT technology is most synonymous with products belonging to the "smart home" concept, overlay devices and appliances that support one or more common ecosystems (such as lighting fixtures, thermostats, home security systems and cameras, and other household appliances), and can be controlled via devices associated with the ecosystem (such as smartphones and smart speakers).
The IoT concept faces prominent criticism, especially over privacy and security concerns related to these devices and their intended ubiquitous presence. IoT devices may be installed at a cursory rate using default passwords that are published on the internet. Security experts indicate that it is often difficult for people outside the IoT network to get around the "back door" of security protection. Such bugs may be accidental and are the result of defects in the original design or updates of the software.
Disclosure of Invention
The present invention provides a method as claimed in claim 1, and a corresponding computer program and system for monitoring usage data in an IoT network.
Drawings
Fig. 1 depicts a block diagram of an IoT computing environment in accordance with an embodiment of the present invention.
Fig. 2 depicts a block diagram of an IoT blockchain computing environment in accordance with an embodiment of the present invention.
Fig. 3 depicts a flow diagram of the steps of an IoT monitoring procedure in accordance with an embodiment of the present invention.
Fig. 4 depicts a block diagram of a computing device of an IoT computing environment in accordance with an embodiment of the present invention.
Detailed Description
Embodiments of the present invention recognize that data privacy is one of the biggest challenges of IoT networks. The IoT concept faces prominent criticism, especially over privacy and security concerns related to these devices and their intended ubiquitous presence. IoT devices have become the target of more network tracking. IoT devices may be installed at a cursory rate using default passwords that are published on the internet. IoT devices are created with a "back door" that can place the entire network at risk. Security experts indicate that it is often difficult for people outside the IoT network to get around the "back door" of security protection. Such bugs may be accidental and are the result of defects in the original design or updates of the software. This is cumbersome because within today's IoT networks, the IoT devices themselves hold the data that the IoT devices need and use.
Embodiments of the present invention segregate data to create categories (i.e., currency, appliances, health, security, etc.) based on the context of the data. Each category has a centralized database with data for that category (i.e., credit cards, etc.) and a blockchain for recording, auditing, and managing each data request. Each category is managed based on the role, function, and/or data of the IoT devices. The categories may be suggested by the system, by the user, or a combination of both. The IoT devices may be registered in a class during initial setup of the IoT devices completed by the IoT controller and approved by the owner of the IoT network.
Embodiments of the present invention utilize blockchain techniques to securely audit and control data requests of IoT devices. Additional federated or private blockchains may record inter-category transactions to maintain record integrity. Federated blockchain transactions may also be recorded in blockchains that involve an additional layer of data security, such that inter-category transaction data may be recovered even after errors (i.e., corruption, deletion, forgery, etc.) on the federated blockchain.
Embodiments of the present invention provide a mechanism for controlling and managing access to sensitive data on an IoT network based on context type and/or data isolation by users. Embodiments of the present invention also provide a mechanism for auditing access to sensitive data on an IoT network based on blockchain techniques. Embodiments of the present invention further provide an alert when an IoT device of one category attempts to access data from another category.
Another related concern is data abuse on IoT devices within the same network. For example, a smart lock changes the number of days of access for service personnel, or a freezer changes the mode of using a credit card number to purchase milk. Embodiments of the present invention provide a system that can monitor and prevent data usage abuse from IoT devices within an IoT network. Embodiments of the present invention may maintain a profile for each IoT device within an IoT network, where the profile is associated with sensitive data usage of the device and stores usage patterns identified by the system. Embodiments of the present invention may trigger notifications/alerts if the expected access and/or usage of data (i.e., sensitive data) by the IoT device exceeds normal usage or request thresholds and/or does not match usage patterns, e.g., the number of requests for credit card data increases, requests to open ports, increased bandwidth, etc. Embodiments of the invention may perform predetermined security actions and/or may send notifications/alerts to the user and listen for user feedback to prevent or allow the intended use of the data. The user feedback may be used to retrain the system and stored in the profile of the IoT device.
Embodiments of the present invention use machine learning to generate data usage models to identify data usage patterns to determine whether the expected usage of data exceeds a normal usage or request threshold and/or does not match usage patterns. Data considered to generate the data usage model includes, but is not limited to, IoT device Identification (ID), IoT device type (e.g., smart lock), sensitive data (e.g., schedule of access days for service personnel), operations using sensitive data (e.g., granting access to service personnel based on scheduling), type of operation (e.g., granting access), previous operations of the same type (e.g., history of granting access for service personnel role), date of previous and current operations, time of previous and current operations, weather and other contextual data of previous and current operations, affected resources (e.g., smart lock on first tier), and involved users (e.g., service personnel users).
Embodiments of the present invention classify the expected usage of data into three categories: normal use, block, or request approval. The classification is based on the data usage model and any identified data usage patterns for the intended use of the data. If the intended use of the data is classified as blocked or requesting approval, embodiments of the invention send a notification/alert to the user that references the intended use of the data. Some embodiments of the invention send a notification/alert requesting user feedback if the expected usage of the data is classified as normal usage but with low confidence. Embodiments of the present invention send notifications/alerts to the owner of the IoT network in the form of a three-part feedback response that requests from the user: (1) the ID of the IoT device's intended use of the data, (2) the correct classification, and (3) approval or disapproval of completion of the intended use of the data by the IoT device.
Embodiments of the invention may detect suspicious expected usage of data on IoT devices, such as a refrigerator that interrogates credit card data, a camera that interrogates data from other sensors (such as motion detection), and the like. Embodiments of the present invention may prevent a network attacker from obtaining user personal data (such as user behavior data) to detect patterns of user behavior.
The present invention will now be described in detail with reference to the accompanying drawings.
Fig. 1 depicts a functional block diagram of an IoT computing environment 100 in accordance with an embodiment of the present invention. FIG. 1 provides an illustration of only one embodiment of the invention and does not imply any limitation with regard to the environments in which different embodiments may be implemented. In the depicted embodiment, the IoT computing environment 100 includes an IoT controller 120, a computing device 130, an IoT device 140, and an IoT device 150 interconnected by an IoT network 110. The IoT computing environment 100 may include additional servers, computers, IoT devices, or other devices not shown.
The IoT network 110 operates as a computing network that may be, for example, a Local Area Network (LAN), a Wide Area Network (WAN), or a combination of both, and may include wired, wireless, or fiber optic connections. In an embodiment, IoT network 110 is a private/secure network that includes a firewall 112 to prevent unauthorized access to or from IoT network 110 while permitting outbound communications. The firewall 112 can be implemented in hardware or software form or a combination of both. In an embodiment, the IoT network 110 may be connected to the internet (depicted as internet 160), but the firewall 112 prevents unauthorized internet users from accessing the IoT network 110. In general, IoT network 110 may be any combination of connections and protocols that will support communication between IoT controller 120, computing device 130, IoT device 140, and IoT device 150.
IoT controller 120 operates to run IoT monitoring program 122 and use database 124 to store and/or transmit data. In an embodiment, IoT controller 120 may send data from database 124 to computing device 130, IoT device 140, and/or IoT device 150. In an embodiment, IoT controller 120 may receive data in database 124 from computing device 130, IoT device 140, and/or IoT device 150. In some embodiments, IoT controller 120 may be a management server, a web server, or any other electronic device or computing system capable of receiving and transmitting data. In some embodiments, IoT controller 120 may be a laptop computer, a tablet computer, a netbook computer, a Personal Computer (PC), a desktop computer, a smartphone, or any programmable electronic device capable of communicating with computing device 130, IoT device 140, and IoT device 150 via IoT network 110. In other embodiments, IoT controller 120 represents a server computing system that utilizes multiple computers as a server system, such as in a cloud computing environment. IoT controller 120 may include components as described in further detail in fig. 4.
The computing device 130 operates to run a user interface 132 for interacting with the owner and/or authorized user of the IoT network 110. In an embodiment, the computing device 130 may send and/or receive data from the IoT controller 120. In some embodiments, computing device 130 may be an administrative server, a web server, or any other electronic device or computing system capable of receiving and transmitting data. In some embodiments, computing device 130 may be a laptop computer, a tablet computer, a netbook computer, a Personal Computer (PC), a desktop computer, a smartphone, or any programmable electronic device capable of communicating with IoT controller 120 via IoT network 110. Computing device 130 may include components as described in further detail in fig. 4.
The user interface 132 operates as a local user interface on the computing device 130 of the IoT monitor 122. In an embodiment, the user interface 132 is a native mobile application user interface of the IoT monitor 122. In an embodiment, the user interface 132 enables an owner of the IoT network 110 to authorize adding IoT devices to the IoT network 110, authorize classification of IoT devices and sensitive data, and list authorized users of the IoT network 110. In an embodiment, the user interface 132 enables the owner of the IoT network 110 to view and respond to notifications/alerts sent by the IoT monitor 122 in the form of user feedback.
The IoT monitor 122 functions to monitor and prevent misuse of data usage from IoT devices, such as IoT devices 140 within an IoT network, such as IoT network 110. In an embodiment, IoT monitor 122 receives the request for data usage, determines whether to allow the data usage to be performed based on the data usage pattern, and in some scenarios, sends a notification/alert to the owner of IoT network 110 based on the determination. In the depicted embodiment, the IoT monitor 122 resides on the IoT controller 120. In other embodiments, the IoT monitor 122 may reside on the computing device 130 or another computing device (not shown) as long as the IoT monitor 122 has access to the IoT network 110.
The database 124 operates as a repository of IoT data, device type profiles, device profiles, data usage patterns, and data usage models. A database is an organized collection of data. The database 124 may be implemented with any type of storage device (such as a database server, hard drive, or flash memory) capable of storing data and configuration files that may be accessed and utilized by the IoT controller 120. In an embodiment, database 124 is accessed by IoT monitor 122, IoT controller 120, and/or computing device 130 to store IoT data, device type profiles, device profiles, data usage patterns, and data usage models. In another embodiment, database 124 is accessed by IoT monitor 122, IoT controller 120, and/or computing device 130 to access IoT data, device type profiles, device profiles, data usage patterns, and data usage models. In the depicted embodiment, the database 124 resides on the IoT controller 120. In another embodiment, the database 124 may reside elsewhere within the IoT computing environment 100 as long as the database 124 has access to the IoT network 110.
IoT data includes any data used by, stored on, and sent or received by an IoT device, which may include sensitive IoT data. Sensitive IoT data includes, but is not limited to, fingerprints, credit card numbers, personal identification numbers, medical records, passwords, access codes, and the like. IoT monitoring program 122 monitors the use of sensitive IoT data.
A device type profile is a profile of a type of IoT device including, but not limited to, a default data set describing the class of device, the type of data used by the class of device, the frequency of use of the data used by the class of device, and the general intended use performed with the data used by the class of device. The IoT monitor 122 considers the device type profile when adding a new IoT device to the IoT network 110 and when there is no stored data usage pattern for a data usage request. Device types include, but are not limited to, physical security devices, smart appliances, personal devices, entertainment devices, and the like.
The device profile includes, but is not limited to, an IoT device ID, an IoT device type (e.g., smart lock), a data usage pattern of the IoT device, and a data usage model of the IoT device. The data usage patterns include, but are not limited to, the type of data, the frequency of use of the data, and the usage history of the IoT devices on the data. The IoT monitor 122 creates a device profile for each IoT device in the IoT network 110. The IoT monitor 122 considers the data usage patterns and data usage models in the device profile when determining whether to perform data usage requests by the IoT device.
The IoT devices 140 and 150 operate as physical devices and/or everyday objects embedded with electronic devices, internet connectivity, and other forms of hardware (i.e., sensors). In general, IoT devices may communicate and interact with other IoT devices over the internet while being remotely monitored and controlled. In the depicted embodiment, IoT devices 140 and 150 are monitored and controlled by IoT monitor 122 and the owner on IoT controller 120 through user interface 132 on computing device 130. Types of IoT devices include, but are not limited to, smart locks, garage doors, refrigerators, freezers, ovens, mobile devices, smart watches, a/C units, washer/dryer units, smart TVs, virtual auxiliary devices, and any other smart home device. In several embodiments, the IoT network 110 contains additional IoT devices (not shown).
Fig. 2 depicts a block diagram of an IoT blockchain computing environment 200 in accordance with an embodiment of the present invention. FIG. 1 provides an illustration of only one embodiment of the invention and does not imply any limitation with regard to the environments in which different embodiments may be implemented. In the depicted embodiment, IoT blockchain computing environment 200 includes IoT controller 220, secure blockchain subnetwork 230, personal blockchain subnetwork 240, appliance blockchain subnetwork 250, and federated blockchain subnetwork 260 interconnected by IoT network 270. The IoT blockchain computing environment 200 may include additional servers, computers, IoT devices, or other devices not shown.
In some embodiments, IoT network 210 contains multiple blockchain subnets for separate classes of IoT devices and subnetworks for federated or private blockchains. Classes of IoT devices include, but are not limited to, physical security, personal, entertainment, and appliances. For example, the physical security category may include physical security IoT devices, such as intelligent door locks and intelligent garage doors. In another example, the personal category may include personal IoT devices, such as virtual assistant devices and personal mobile devices. In another example, the entertainment category may include entertainment IoT devices, such as smart TVs and smart audio systems. In another example, the appliance category may include appliance IoT devices, such as intelligent refrigerators, intelligent a/C units, intelligent washer/dryer units, and other intelligent household appliances. In an embodiment, IoT controller 220 creates these sub-networks of IoT devices through a user interface of a computing device similar to those depicted in fig. 1, which are approved by the owner of IoT network 120.
In the depicted embodiment, IoT network 210 includes a secure blockchain subnetwork 230, a personal blockchain subnetwork 240, an appliance blockchain subnetwork 250, and a federated blockchain subnetwork 260. In the depicted embodiment, secure blockchain subnetwork 230 includes door lock 232 and garage door 234. In the depicted embodiment, personal blockchain subnetwork 240 includes a smart watch 242 and a mobile device 244. In the depicted embodiment, appliance blockchain subnetwork 250 includes an A/C 252, a refrigerator 254, and a washing machine 256. In the depicted embodiment, the federated blockchain subnetwork 260 is a blockchain subnetwork for inter-category transactions.
In some embodiments, IoT controller 220 includes multiple databases similar to database 124, where each database separately stores certain data for each subnetwork/class of IoT devices, such as data for appliance classes, data for personal classes, data for entertainment classes, data for physical security classes, and so forth. In the depicted embodiment, IoT controller 220 includes IoT network database 224, security database 225, personal database 226, and home task database 227. For example, a credit card number may be stored in personal database 226, which stores only financial and personal data for personal blockchain subnetwork 240. In another example, the fingerprint data may be stored in security database 225, which stores only the security configuration for the secure blockchain subnetwork 230. In another example, the A/C schedule data may be stored in home task database 227, which stores only home task data for the appliance blockchain subnetwork 250.
In an example scenario of the IoT blockchain computing environment 200, an IoT device is granted one-time, temporary access to a class database that is different from the class in which the IoT device is located. In this example scenario, refrigerator 254 sends a request to IoT controller 220 to access a credit card number that enables the purchase of milk. IoT controller 220 determines that refrigerator 254 is classified in appliance blockchain subnetwork 250 and that the requested credit card number is limited to IoT devices in personal blockchain subnetwork 240. IoT controller 220 determines that refrigerator 254 cannot be added to personal blockchain subnetwork 240, and thus data access and transactions using this data (e.g., purchasing milk using a credit card number) will be managed in federated blockchain subnetwork 260. A secure connection is created for one-time, temporary access by the refrigerator 254 to a pointer (a data link) to the credit card number. In federated blockchain subnetwork 260, refrigerator 254 accesses a pointer to a credit card number over a secure connection, IoT controller 220 creates a new block (e.g., register) for the transaction, and refrigerator 254 completes the transaction; the transaction holds a temporary pointer to the credit card number instead of the credit card number itself.
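The refrigerator scenario above can be sketched as follows. This is an added illustration, not code from the patent: the `Ledger` class is a single-writer hash chain standing in for a blockchain subnetwork, and all class names, method names and the sample card value are constructed assumptions.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64


class Ledger:
    """Single-writer hash chain standing in for one blockchain subnetwork."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "record": record,
                            "hash": self._digest(prev, record)})

    def verify(self):
        """Recompute every link; any edited record breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            if (block["prev"] != prev
                    or self._digest(prev, block["record"]) != block["hash"]):
                return False
            prev = block["hash"]
        return True


class Controller:
    """Hypothetical controller: per-category stores plus a federated ledger."""

    def __init__(self, device_category, data_category, stores):
        self.device_category = device_category   # device_id -> category
        self.data_category = data_category       # data_id -> category
        self.stores = stores                     # category -> {data_id: value}
        self.category_ledgers = {c: Ledger() for c in stores}
        self.federated = Ledger()                # inter-category transactions
        self.alerts = []                         # cross-category alerts to the owner
        self._pointers = {}                      # pointer -> (device_id, data_id)

    def request_access(self, device_id, data_id):
        dev_cat = self.device_category[device_id]
        data_cat = self.data_category[data_id]
        if dev_cat == data_cat:
            # Same category: record the request in that category's ledger.
            self.category_ledgers[dev_cat].append(
                {"device": device_id, "data_id": data_id})
            return {"kind": "direct", "value": self.stores[data_cat][data_id]}
        # Different category: hand out a temporary pointer, never the value,
        # and record the transaction (with the pointer) in the federated ledger.
        pointer = secrets.token_hex(16)
        self._pointers[pointer] = (device_id, data_id)
        self.alerts.append(f"{device_id} ({dev_cat}) requested {data_id} ({data_cat})")
        self.federated.append({"device": device_id, "data_id": data_id,
                               "from": dev_cat, "to": data_cat,
                               "pointer": pointer})
        return {"kind": "pointer", "pointer": pointer}

    def redeem(self, device_id, pointer):
        """One-time dereference, only by the device the pointer was issued to."""
        entry = self._pointers.get(pointer)
        if entry is None or entry[0] != device_id:
            return None
        del self._pointers[pointer]
        data_id = entry[1]
        return self.stores[self.data_category[data_id]][data_id]


def build_demo():
    # Constructed sample data; the card value is a placeholder, not a real number.
    return Controller(
        device_category={"refrigerator-254": "appliance",
                         "smart-watch-242": "personal"},
        data_category={"credit_card": "personal", "ac_schedule": "appliance"},
        stores={"personal": {"credit_card": "CONSTRUCTED-CARD-0000"},
                "appliance": {"ac_schedule": "22C 08:00-18:00"}},
    )
```

Because the federated ledger stores only the pointer, an auditor can replay who asked for which data item without the ledger itself becoming a second copy of the sensitive value.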
Fig. 3 depicts a flowchart 300 of the steps of the IoT monitor 122 in accordance with an embodiment of the present invention. In an embodiment, IoT monitor 122 receives the request for data usage, determines whether to allow the data usage to be performed based on the data usage pattern, and in some scenarios, sends a notification/alert to the owner of IoT network 110 based on the determination. It should be understood that the process depicted in Fig. 3 illustrates one possible iteration of the process flow that repeats for each data usage request received by IoT monitor 122.
In step 310, IoT monitor 122 receives the data usage request. In an embodiment, IoT monitor 122 receives data usage requests from IoT devices (such as IoT device 150) in an IoT network (such as IoT network 110). In an embodiment, IoT monitor 122 receives data usage requests from IoT devices (such as IoT device 140) in an IoT network (such as IoT network 110) to complete the intended usage of the data. The data usage request includes, but is not limited to, an IoT device Identification (ID), an ID of the requested data, and metadata associated with the intended usage of the data.
In step 320, the IoT monitor 122 obtains the device profile. In an embodiment, the IoT monitor 122 obtains a device profile for the IoT device that sent the data usage request. In an embodiment, IoT monitor 122 obtains the device profile from database 124. In an embodiment, IoT monitor 122 obtains an IoT device ID, an IoT device type (e.g., smart lock), a data usage pattern, and a data usage model through the device profile.
In decision 330, the IoT monitor 122 determines whether the device profile has an associated data usage pattern. In an embodiment, IoT monitor 122 determines whether a device profile has a relevant data usage pattern by comparing the data usage request to the data usage pattern in the device profile. In an embodiment, IoT monitor 122 determines whether there is a relevant data usage pattern by comparing the following attributes of the data usage request with the same attributes of the data usage patterns stored in the device profile: the IoT device identification (ID), the IoT device type, the sensitive data involved, the operation using the sensitive data, the type of operation, previous operations of the same type, the dates of previous and current operations, the times of previous and current operations, the resources affected and the users involved in previous and current operations, and weather and other contextual data.
If the IoT monitor 122 determines that the device profile has an associated data usage pattern (decision 330, the "yes" branch), the IoT monitor 122 proceeds to step 350. If the IoT monitor 122 determines that the device profile does not have the relevant data usage pattern (decision 330, the "no" branch), the IoT monitor 122 proceeds to step 340.
In step 340, the IoT monitor 122 obtains the device type profile. In an embodiment, IoT monitor 122 obtains a device type profile from database 124 based on the type of IoT device that sent the data usage request. For example, if the smart refrigerator sends a data usage request, the IoT monitor 122 obtains a device type profile for the smart appliance. In an embodiment, IoT monitor 122 obtains from the device type profile the type of data used by the type of device, the frequency of use of the data used by the type of device, and the general intended use performed with the data used by the type of device.
In step 350, IoT monitor 122 classifies the data usage request. In an embodiment, IoT monitor 122 classifies the data usage requests based on data usage patterns in the device profile. In another embodiment, IoT monitor 122 classifies the data usage request based on the device type profile. In an embodiment, IoT monitor 122 classifies data usage requests into the following three categories: normal use, block, or request approval. IoT monitor 122 classifies the data usage request as normal usage if the data usage request does not exceed a normal usage or request threshold, matches a relevant data usage pattern allowing the expected usage, and/or matches information in the device type profile allowing the expected usage. IoT monitor 122 classifies the data usage request as blocked if the data usage request exceeds a normal usage or request threshold, matches a relevant data usage pattern that blocks the intended usage, and/or matches information in the device type profile that blocks the intended usage. If the data usage request exceeds a normal usage or request threshold, does not match a relevant data usage pattern, and/or does not match information in the device type profile, IoT monitor 122 classifies the data usage request as requesting approval.
In step 360, IoT monitor 122 performs a security action based on the classification. In embodiments where the IoT monitor 122 classifies the data usage request as normal usage, the IoT monitor 122 allows the data usage request to be executed. In an embodiment in which IoT monitor 122 classifies the data usage request as blocked, IoT monitor 122 performs one of at least three security actions: (1) blocking access to the IoT network by the IoT device, (2) removing access to the database by the IoT device, and (3) disconnecting network access by the IoT device. In embodiments where IoT monitor 122 classifies a data usage request as requesting approval, IoT monitor 122 sends an alert/notification to an owner device (such as computing device 130) requesting user feedback on the correct classification, blocked or normal use, so that the associated security action can be taken when the user feedback with the correct classification is received. In embodiments where IoT monitor 122 classifies a data usage request as information, IoT monitor 122 sends an alert/notification to an owner device (such as computing device 130) with information about the data usage request, the ID of the IoT device requesting the data usage, the IoT device's expected usage of the data, the classification given, and the security action performed.
In step 370, IoT monitor 122 stores the data usage request and the performed security action. In an embodiment, IoT monitor 122 stores the data usage request, the performed security action, and metadata associated with the data usage request and the performed security action in the device profile of the IoT device that made the request. In an embodiment, IoT monitor 122 stores the received user feedback in the device profile of the IoT device that made the request.
In a first example of flowchart 300, IoT monitor 122 receives a data usage request that has an associated data usage pattern that allows the expected data usage. In this example, a person who works in a building attempts to unlock a smart lock on the front door of the building. In step 310, the IoT monitor 122 receives a request from the smart lock to access the personnel entry schedule, where the schedule is in the database 124. In step 320, IoT monitor 122 obtains the device profile of the smart lock from database 124. In decision 330, IoT monitor 122 determines that the device profile of the smart lock has the relevant data usage pattern of the smart lock accessing the personnel entry schedule. In step 350, the IoT monitor 122 classifies the request by the smart lock for the personnel entry schedule as normal use based on the relevant data usage patterns in the smart lock's device profile. In step 360, the IoT monitor 122 allows the smart lock to access the personnel entry schedule. In step 370, IoT monitor 122 stores the request and the results.
In a second example of flowchart 300, IoT monitor 122 receives a data usage request that has an associated data usage pattern and blocks expected data usage. In this example, the smart refrigerator attempts to access the credit card number stored in the database 124. In step 310, IoT monitor 122 receives a request from the smart refrigerator to access a credit card number stored in database 124. In step 320, IoT monitor 122 obtains the device profile of the smart refrigerator from database 124. In decision 330, IoT monitor 122 determines that the device profile of the smart refrigerator has the relevant data usage pattern of the smart refrigerator attempting to access the credit card number. In this example, the data usage pattern includes that the usage threshold would be exceeded if the smart refrigerator were allowed to access the credit card number. In step 350, IoT monitor 122 classifies the request for the credit card number by the smart refrigerator as blocked based on the relevant data usage patterns in the device profile of the smart refrigerator. At step 360, IoT monitor 122 prevents the smart refrigerator from accessing the credit card number. In step 370, IoT monitor 122 stores the request and the results.
In a third example of flowchart 300, IoT monitor 122 receives a data usage request without a relevant data usage pattern and performs a security action based on the device type profile. In this example, the intelligent garage door is attempting to access a credit card number stored in the database 124. At step 310, IoT monitor 122 receives a request from the intelligent garage door to access a credit card number stored in database 124. In step 320, IoT monitor 122 obtains the device profile of the intelligent garage door from database 124. In decision 330, IoT monitor 122 determines that the device profile of the intelligent garage door does not have the relevant data usage pattern of the intelligent garage door attempting to access the credit card number. In step 340, IoT monitor 122 obtains the device type profile of the physical security IoT device because the intelligent garage door is a physical security IoT device. In this example, the device type profile does not include this type of data usage and has no history of a physical security IoT device using this data in a similar way. In step 350, IoT monitor 122 classifies the request for the credit card number by the intelligent garage door as blocked based on data in the device type profile of the physical security IoT device. At step 360, IoT monitor 122 prevents the intelligent garage door from accessing the credit card number. In step 370, IoT monitor 122 stores the request and the results.
In a fourth example of flowchart 300, IoT monitor 122 receives a data usage request without a relevant data usage pattern, classifies the request as requesting approval, and performs a security action based on the received user feedback. In this example, the smart TV attempts to access the credit card number stored in the database 124. In step 310, IoT monitor 122 receives a request from the smart TV to access a credit card number stored in database 124. In step 320, IoT monitor 122 obtains the device profile of the smart TV from database 124. In decision 330, IoT monitor 122 determines that the device profile of the smart TV does not have the relevant data usage pattern of the smart TV attempting to access the credit card number. In step 340, the IoT monitor 122 obtains the device type profile of the entertainment IoT device because the smart TV is an entertainment IoT device. In this example, the device type profile does include this type of data usage, but is historically classified as requesting approval when the entertainment IoT device first requests this type of data usage. In step 350, IoT monitor 122 classifies the smart TV's request for the credit card number as requesting approval based on the device type profile. In step 360, IoT monitor 122 allows the smart TV to access the credit card number based on the received user feedback. In step 370, IoT monitor 122 stores the request and the results.
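Steps 310 through 370 and the four examples above, as an added Python example that is not code from the patent. The field names, the action strings, the fail-closed default when neither profile has a matching entry, the handling of unknown devices, and the promotion of owner feedback into a device-level pattern are assumptions; the device IDs and the refrigerator's one-purchase threshold are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Verdict(Enum):
    NORMAL = "normal use"
    BLOCK = "block"
    REQUEST_APPROVAL = "request approval"


@dataclass(frozen=True)
class Request:                       # step 310: device ID, data ID, intended-use metadata
    device_id: str
    data_id: str
    intended_use: str


@dataclass(frozen=True)
class Pattern:                       # one data usage pattern
    data_id: str
    intended_use: str
    verdict: Verdict
    max_uses: Optional[int] = None   # usage threshold; None means no limit


@dataclass
class DeviceProfile:
    device_id: str
    device_type: str
    patterns: list = field(default_factory=list)
    history: list = field(default_factory=list)    # step 370 audit trail


def find_pattern(patterns, req):
    for p in patterns:
        if (p.data_id, p.intended_use) == (req.data_id, req.intended_use):
            return p
    return None


class IoTMonitor:
    ACTIONS = {Verdict.NORMAL: "allow", Verdict.BLOCK: "remove_database_access"}

    def __init__(self, profiles, type_profiles, ask_owner):
        self.profiles = profiles             # device_id -> DeviceProfile
        self.type_profiles = type_profiles   # device_type -> [Pattern]
        self.ask_owner = ask_owner           # callback: Request -> NORMAL or BLOCK

    def classify(self, profile, req):        # decision 330, step 340, step 350
        pattern = find_pattern(profile.patterns, req)
        if pattern is None:                  # no device-level pattern: use the type profile
            pattern = find_pattern(self.type_profiles.get(profile.device_type, []), req)
        if pattern is None:
            return Verdict.BLOCK             # nothing on record: fail closed (third example)
        if pattern.verdict is Verdict.NORMAL and pattern.max_uses is not None:
            used = sum(1 for h in profile.history
                       if h["request"] == req and h["action"] == "allow")
            if used >= pattern.max_uses:
                return Verdict.BLOCK         # threshold would be exceeded (second example)
        return pattern.verdict

    def handle(self, req):
        profile = self.profiles.get(req.device_id)               # step 320
        if profile is None:
            return Verdict.BLOCK, "block_network_access"         # unknown device
        verdict = self.classify(profile, req)
        feedback = None
        if verdict is Verdict.REQUEST_APPROVAL:                  # step 360
            feedback = self.ask_owner(req)
            if feedback not in (Verdict.NORMAL, Verdict.BLOCK):
                feedback = Verdict.BLOCK     # missing or malformed answer: deny
            # Owner feedback becomes a device-level pattern for the next request.
            profile.patterns.append(Pattern(req.data_id, req.intended_use, feedback))
        action = self.ACTIONS[feedback or verdict]
        profile.history.append({"request": req, "classification": verdict,
                                "feedback": feedback, "action": action})   # step 370
        return verdict, action


def build_demo():
    """Constructed profiles mirroring the four examples of flowchart 300."""
    card, sched = "credit_card_number", "entry_schedule"
    profiles = {
        "lock-1": DeviceProfile("lock-1", "physical_security",
                                [Pattern(sched, "unlock", Verdict.NORMAL)]),
        "fridge-1": DeviceProfile("fridge-1", "appliance",
                                  [Pattern(card, "purchase", Verdict.NORMAL, max_uses=1)]),
        "garage-1": DeviceProfile("garage-1", "physical_security"),
        "tv-1": DeviceProfile("tv-1", "entertainment"),
    }
    type_profiles = {"entertainment": [Pattern(card, "purchase", Verdict.REQUEST_APPROVAL)]}
    prompts = []                             # requests that were escalated to the owner

    def ask_owner(req):
        prompts.append(req)
        return Verdict.NORMAL                # the owner approves in this demo

    return IoTMonitor(profiles, type_profiles, ask_owner), prompts
```

With this data the refrigerator's first purchase is allowed and its second is blocked by the threshold, and the smart TV prompts the owner once and is classified as normal use afterwards.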
Fig. 4 depicts a block diagram of a computer 400 suitable for the IoT controller 120 and the computing device 130, according to an exemplary embodiment of the present invention. It should be appreciated that FIG. 4 provides illustration of only one embodiment and does not imply any limitations with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environments may be made.
IoT monitor 122 may be stored in persistent storage 408 and memory 406 for execution and/or access by one or more of the respective computer processors 404 via cache 416. In an embodiment, persistent storage 408 includes a magnetic hard drive. Alternatively, or in addition to a magnetic hard drive, persistent storage 408 may include a solid state drive, a semiconductor memory device, a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), flash memory, or any other computer-readable storage medium capable of storing program instructions or digital information.
The media used by persistent storage 408 also may be removable. For example, a removable hard drive may be used for persistent storage 408. Other examples include optical and magnetic disks, thumb drives, and smart cards that are inserted into the drives for transfer to another computer readable storage medium that is also part of persistent storage 408.
In these examples, communication unit 410 provides for communication with other data processing systems or devices. In these examples, communications unit 410 includes one or more network interface cards. The communication unit 410 may provide communications using one or both of physical and wireless communication links. Programs, such as IoT monitor 122, may be downloaded to persistent storage 408 through communication unit 410.
The I/O interface 412 allows for data input and output with other devices that may be connected to the computing device 130 and the IoT controller 120. For example, I/O interface 412 may provide a connection to an external device 418, such as a keyboard, a keypad, a touch screen, and/or some other suitable input device. The external device 418 may also include portable computer readable storage media such as, for example, a thumb drive, a portable optical or magnetic disk, and a memory card. Software and data for implementing embodiments of the present invention may be stored on such portable computer-readable storage media and loaded onto persistent storage 408 via I/O interface 412. The I/O interface 412 is also connected to a display 420.
IoT monitor 122 described herein is identified based on the application for which it is implemented in particular embodiments of the present invention. However, it should be appreciated that any particular program nomenclature herein is used merely for convenience, and thus the invention should not be limited to use solely in any specific application identified and/or implied by such nomenclature.
The present invention may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium (or media) having computer-readable program instructions thereon for causing a processor to perform aspects of the invention.
The computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer-readable storage medium includes the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanically encoded device (such as punch cards or raised structures in a groove having instructions recorded thereon), and any suitable combination of the foregoing. A computer-readable storage medium as used herein should not be interpreted as a transitory signal per se, such as a radio wave or other freely propagating electromagnetic wave, an electromagnetic wave propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or an electrical signal transmitted through a wire.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a corresponding computing/processing device, or to an external computer or external storage device via a network (e.g., the internet, a local area network, a wide area network, and/or a wireless network). The network may include copper transmission cables, optical transmission fibers, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium within the respective computing/processing device.
The computer readable program instructions for carrying out operations of the present invention may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including an object-oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit, including, for example, a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), may execute the computer-readable program instructions by using state information of the computer-readable program instructions to personalize the electronic circuit, in order to perform aspects of the present invention.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable storage medium having the instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
Claims (9)
1. A computer-implemented method for monitoring data usage in a network by a plurality of network devices, the computer-implemented method comprising:
receiving, by one or more processors, a data usage request from a network device of the plurality of network devices;
obtaining, by one or more processors, a device profile of the network device from a database;
determining, by one or more processors, whether the device profile of the network device has a data usage pattern related to data requested in the data usage request;
classifying, by one or more processors, the data usage request based on whether the device profile of the network device has an associated data usage pattern;
performing, by one or more processors, a security action based on the classification of the data usage request; and
storing, by one or more processors, the data usage request and the performed security action to the database.
2. The computer-implemented method of claim 1, wherein the data usage request includes a network device identifier, a data identifier, and metadata associated with an expected usage of data identified by the data identifier.
3. The computer-implemented method of claim 1, wherein the device profile comprises a network device identifier, a network device type, and a set of data usage patterns.
4. The computer-implemented method of claim 3, further comprising:
comparing, by one or more processors, the data usage request to the set of data usage patterns in the device profile.
5. The computer-implemented method of claim 1, further comprising:
receiving, by one or more processors, the relevant data usage pattern from the database in response to determining that the device profile of the network device has a relevant data usage pattern.
6. The computer-implemented method of claim 3, further comprising:
in response to determining that the device profile of the network device does not have an associated data usage pattern, obtaining, by one or more processors, a device type profile from the database.
7. The computer-implemented method of claim 6, wherein obtaining the device type profile from the database comprises:
identifying, by one or more processors, the device type profile based on the network device type in the device profile.
8. A system comprising means adapted for carrying out all the steps of the method according to any preceding method claim.
9. A computer program comprising instructions for carrying out all the steps of the method according to any preceding method claim, when said computer program is executed on a computer system.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/421,156 US11457032B2 (en) | 2019-05-23 | 2019-05-23 | Managing data and data usage in IoT network |
US16/421,156 | 2019-05-23 | ||
PCT/EP2020/062467 WO2020233984A1 (en) | 2019-05-23 | 2020-05-05 | Managing data and data usage in iot network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113767613A true CN113767613A (en) | 2021-12-07 |
CN113767613B CN113767613B (en) | 2024-04-23 |
Family
ID=70554081
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202080032483.7A Active CN113767613B (en) | 2019-05-23 | 2020-05-05 | Managing data and data usage in IOT networks |
Country Status (11)
Country | Link |
---|---|
US (1) | US11457032B2 (en) |
JP (1) | JP2022533305A (en) |
KR (1) | KR102612502B1 (en) |
CN (1) | CN113767613B (en) |
AU (1) | AU2020280677B2 (en) |
BR (1) | BR112021023486A2 (en) |
CA (1) | CA3137229A1 (en) |
IL (1) | IL288059A (en) |
MX (1) | MX2021013229A (en) |
SG (1) | SG11202110243RA (en) |
WO (1) | WO2020233984A1 (en) |
- 2019-05-23 US US16/421,156 patent/US11457032B2/en active Active
- 2020-05-05 CA CA3137229A patent/CA3137229A1/en active Pending
- 2020-05-05 WO PCT/EP2020/062467 patent/WO2020233984A1/en active Application Filing
- 2020-05-05 CN CN202080032483.7A patent/CN113767613B/en active Active
- 2020-05-05 BR BR112021023486A patent/BR112021023486A2/en unknown
- 2020-05-05 SG SG11202110243RA patent/SG11202110243RA/en unknown
- 2020-05-05 MX MX2021013229A patent/MX2021013229A/en unknown
- 2020-05-05 KR KR1020217036686A patent/KR102612502B1/en active IP Right Grant
- 2020-05-05 JP JP2021557531A patent/JP2022533305A/en active Pending
- 2020-05-05 AU AU2020280677A patent/AU2020280677B2/en active Active
- 2021-11-11 IL IL288059A patent/IL288059A/en unknown
Also Published As
Publication number | Publication date |
---|---|
BR112021023486A2 (en) | 2022-01-18 |
CN113767613B (en) | 2024-04-23 |
AU2020280677B2 (en) | 2023-07-20 |
KR20220002948A (en) | 2022-01-07 |
IL288059A (en) | 2022-01-01 |
AU2020280677A1 (en) | 2021-10-14 |
US20200374304A1 (en) | 2020-11-26 |
JP2022533305A (en) | 2022-07-22 |
US11457032B2 (en) | 2022-09-27 |
CA3137229A1 (en) | 2020-11-26 |
MX2021013229A (en) | 2022-01-06 |
KR102612502B1 (en) | 2023-12-11 |
WO2020233984A1 (en) | 2020-11-26 |
SG11202110243RA (en) | 2021-10-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113767613B (en) | | Managing data and data usage in IOT networks |
US11556664B2 (en) | | Centralized event detection |
US11379608B2 (en) | | Monitoring entity behavior using organization specific security policies |
US10491630B2 (en) | | System and method for providing data-driven user authentication misuse detection |
Weichbroth et al. | | Mobile security: Threats and best practices |
US11477209B2 (en) | | Managing access rights of transferable sensor systems |
EP3660717B1 (en) | | Dynamic authorization of requested actions using adaptive context-based matching |
US11716326B2 (en) | | Protections against security vulnerabilities associated with temporary access tokens |
WO2020023550A1 (en) | | Internet of things blockchain auditing |
WO2018064765A1 (en) | | Biometric identification platform |
Janarthanan et al. | | IoT forensics: an overview of the current issues and challenges |
EP4229532B1 (en) | | Behavior detection and verification |
US11323470B2 (en) | | Analyzing and addressing least-privilege security threats on a composite basis |
US10515187B2 (en) | | Artificial intelligence (AI) techniques for learning and modeling internal networks |
US20220247776A1 (en) | | Analyzing and addressing security threats in network resources |
Rafferty et al. | | A security threat analysis of smart home network with vulnerable dynamic agents |
Amraoui et al. | | An ml behavior-based security control for smart home systems |
Sriraman et al. | | Slide-block: End-to-end amplified security to improve DevOps resilience through pattern-based authentication |
Padilha França et al. | | An overview of internet of things security from a modern perspective |
US11861962B1 (en) | | Smart lock system |
US20160381020A1 (en) | | Combined key security |
US20220303179A1 (en) | | Automatic device enrollment in an internet of things network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20221129. Address after: New York, United States. Applicant after: Qindarui Co. Address before: Armonk, New York. Applicant before: International Business Machines Corp. |
| GR01 | Patent grant | |